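<?php
	/*
	 * Post a comment to a thread and redirect back to it.
	 *
	 * Inputs (all attacker-controllable):
	 *   $_COOKIE['user_id']    - numeric id of the posting user
	 *   $_COOKIE['session_id'] - compared against USERS.password
	 *   $_GET['id']            - numeric id of the thread
	 *   $_POST['comment']      - comment text
	 *
	 * Any missing or malformed input, or a failed credential check, redirects
	 * to index.php without touching COMMENTS or THREADS.
	 *
	 * NOTE(review): the cookie is matched directly against USERS.password, so
	 * whatever that column stores works as a long-lived bearer credential for
	 * anyone who obtains it. A random server-side session token would limit
	 * the exposure; that change is larger than this file.
	 * NOTE(review): no anti-CSRF token is checked here, so a cross-site form
	 * post carrying the user's cookies would be accepted. Confirm whether the
	 * calling form and this handler should share a per-session token.
	 * NOTE(review): ext/mysql was removed in PHP 7. When config.php moves to
	 * mysqli or PDO, replace the escaped concatenation below with prepared
	 * statements.
	 */

	$redirect = 'index.php';

	// user_id and id are concatenated into SQL without quotes, so quote
	// escaping cannot protect them; only accept real non-negative integers.
	// filter_var() returns false for non-numeric strings and for arrays
	// (e.g. a cookie sent as user_id[]=1).
	$intOpts = array('options' => array('min_range' => 0));
	$uid = isset($_COOKIE['user_id']) ? filter_var($_COOKIE['user_id'], FILTER_VALIDATE_INT, $intOpts) : false;
	$id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT, $intOpts) : false;

	// Request parameters may arrive as arrays; the string functions below
	// need plain strings.
	$haveStrings = isset($_COOKIE['session_id'], $_POST['comment'])
		&& is_string($_COOKIE['session_id'])
		&& is_string($_POST['comment']);

	if ($uid !== false && $id !== false && $haveStrings) {
		// presumably opens the mysql_* connection used below - confirm in config.php
		include('config.php');

		// mysql_real_escape_string() escapes according to the connection's
		// character set, which addslashes() does not; it needs the connection,
		// hence the include above.
		$hash = mysql_real_escape_string($_COOKIE['session_id']);

		$row = false;
		if ($hash !== false) {
			$query = 'SELECT COUNT(*) "count" FROM USERS U WHERE user_id = ' . $uid . ' AND password = \'' . $hash . '\'';
			$results = mysql_query($query);
			// A failed query must not be treated as a successful login.
			if ($results !== false) {
				$row = mysql_fetch_array($results);
			}
		}

		if ($row !== false && $row['count'] >= 1) {
			// HTML-encode first (the value is stored encoded, as before), then
			// escape the result for the SQL string literal.
			// NOTE(review): the rendering code is not visible here; confirm it
			// does not decode or double-encode the stored value.
			$comment = mysql_real_escape_string(htmlentities($_POST['comment']));

			if ($comment !== false) {
				$query = 'INSERT INTO COMMENTS VALUES (' . $id . ',  ' . $uid . ', NOW( ) , \'' . $comment . '\')';

				// Only bump the thread counters when the comment was actually stored.
				if (mysql_query($query) !== false) {
					$query = 'UPDATE THREADS T SET T.last_post = NOW( ), T.post_count = T.post_count + 1 WHERE T.thread_id = ' . $id;
					mysql_query($query);
				}
			}

			// $id is a validated integer, so it cannot alter the Location header.
			$redirect = 'index.php?page=threads&id=' . $id;
		}
	}

	header('Location: ' . $redirect);
	// Stop here so nothing else runs or is emitted after the redirect.
	exit;
?>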